on 03-14-2006 1:34 PM
Hi all,
We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.
The following access point have been specified in the profile:
Description of the Access Points
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
icm/HTTPS/verify_client = 2
Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
The Web Dispatcher returns an error upon accessing it using HTTPS:
Dispatching Error
Error: -26
Version: 6040
Component: HTTP_ROUTE
Date/Time: Tue Mar 14 07:19:38 2006
Module: http_route.c
Line: 2383
Server: sapvm1_DVS_26
Detail: no valid destination server available for '!ALL' rc=13
Any help would be highly appreciated. Thanks!
Frodo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Frodo,
I am not sure.. but, just trying to give a logical explanation hmmm....
The SAP Webdispatcher is first installed for HTTP.. and later configured to support SSL.
Since you have configured for SSL(terminated)...
https --> is from client to web-dispatcher
http --> is from webdispatcher to the WAS instance
So, may be, it needs that "icm/server_port_2" line to communicate with the WAS instance through <i>http</i>.
Hope it helps!
Regards,
SK.
Hi SK,
I've thought about the same explanation myself as well but on second thought it didn't rally makes sense (or does it?
The parameter is there to set the access point, it specifies information for the incoming connection, not the outgoing connection to the WAS instance.
Also, you would never be able to only allow HTTPS based connections like this? (sure, you could set some firewall restictions but I would like to control this using the Web Dispatcher, as it is suppose to do).
I'll try to do some more tests tonight...
Frodo
Hi KS,
Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15
However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.
All is working now.
Frodo
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.